Add support for firewalld on Ubuntu

Enables the installation and configuration of firewalld on Ubuntu
systems.

Change-Id: I4a97a2aeed277be672e15e5c7727b810e11d3c42
Story: 2010160
Task: 45818

ansible/firewall.yml

@@ -5,8 +5,7 @@
     - config
     - firewall
   tasks:
-    - name: Configure the firewall
+    - name: Configure firewalld
       include_role:
-        name: "firewall-{{ ansible_facts.os_family | lower }}"
+        name: "firewalld"
-      when:
+
-        - ansible_facts.os_family == 'RedHat'

doc/source/configuration/reference/hosts.rst

@@ -469,12 +469,11 @@ Firewalld
 *tags:*
   | ``firewall``
 
-.. note:: Firewalld is supported on CentOS and Rocky systems only. Currently no
+Firewalld can be used to provide a firewall on supported systems. Since the
-          firewall is supported on Ubuntu.
-
-Firewalld can be used to provide a firewall on CentOS/Rocky systems. Since the
 Xena release, Kayobe provides support for enabling or disabling firewalld, as
 well as defining zones and rules.
+Since the Zed 13.0.0 release, Kayobe added support for configuring firewalld on
+Ubuntu systems.
 
 The following variables can be used to set whether to enable firewalld:
 

playbooks/kayobe-overcloud-host-configure-base/overrides.yml.j2

@@ -170,7 +170,7 @@ chrony_ntp_servers:
       - option: maxsources
         val: 2
 
-# Enable firewalld (CentOS only).
+# Enable firewalld
 controller_firewalld_enabled: true
 controller_firewalld_zones:
   - zone: test-zone1

playbooks/kayobe-overcloud-host-configure-base/tests/test_overcloud_host_configure.py

@@ -11,11 +11,6 @@ import distro
 import pytest
 
 
-def _is_firewalld_supported():
-    info = distro.id()
-    return info in ['centos', 'rocky']
-
-
 def _is_apt():
     info = distro.linux_distribution()
     return info[0].startswith('Ubuntu')
@@ -25,10 +20,12 @@ def _is_dnf():
     info = distro.id()
     return info in ['centos', 'rocky']
 
+
 def _is_dnf_mirror():
     info = distro.id()
     return info == 'centos'
 
+
 def test_network_ethernet(host):
     interface = host.interface('dummy2')
     assert interface.exists
@@ -241,16 +238,12 @@ def test_tuned_profile_is_active(host):
     assert "throughput-performance" in tuned_output
 
 
-@pytest.mark.skipif(not _is_firewalld_supported(),
-                    reason="Firewalld only supported on CentOS and Rocky")
 def test_firewalld_running(host):
     assert host.package("firewalld").is_installed
     assert host.service("firewalld.service").is_enabled
     assert host.service("firewalld.service").is_running
 
 
-@pytest.mark.skipif(not _is_firewalld_supported(),
-                    reason="Firewalld only supported on CentOS and Rocky")
 def test_firewalld_zones(host):
     # Verify that interfaces are on correct zones.
     expected_zones = {
@@ -272,8 +265,6 @@ def test_firewalld_zones(host):
             assert zone == expected_zone
 
 
-@pytest.mark.skipif(not _is_firewalld_supported(),
-                    reason="Firewalld only supported on CentOS and Rocky")
 def test_firewalld_rules(host):
     # Verify that expected rules are present.
     expected_info = {

releasenotes/notes/add-support-for-firewalld-4387151a727bf8bb.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Adds support for configuring a firewall via firewalld on Ubuntu. See `story
+    2010160 <https://storyboard.openstack.org/#!/story/2010160>`__ for details.